Uncovering Android Master Key That Makes 99% of Devices Vulnerable

Science & Technology Information Technology, Gaming, Machines, Gadgets
1

Uncovering Android Master Key That Makes 99% of Devices Vulnerable

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user.

Me going back to my nokia 3310:bummer:

2

Re: Uncovering Android Master Key That Makes 99% of Devices Vulnerable

:teggy: GSBot to translate all this stuff in simple langauge

3

Re: Uncovering Android Master Key That Makes 99% of Devices Vulnerable

I think issue could be with offline downloadable apk files. Couldn’t understand how an app could be changed if a software developer had himself uploaded it on Google play.

4

Re: Uncovering Android Master Key That Makes 99% of Devices Vulnerable

While the risk to the individual and the enterprise is great (a malicious app can access individual data, or gain entry into an enterprise), this risk is compounded when you consider applications developed by the device manufacturers (e.g. HTC, Samsung, Motorola, LG) or third-parties that work in cooperation with the device manufacturer (e.g. Cisco with AnyConnect VPN) – that are granted special elevated privileges within Android – specifically System UID access."

==
But why the manufacturers will do such thing? to collect user data for theit future R&D?